From 3deceb76402865b538fe2ab63286269b95847484 Mon Sep 17 00:00:00 2001
From: Koda Reef
Date: Mon, 23 Mar 2026 13:08:39 +0000
Subject: [PATCH 1/2] Replace sprintf with snprintf in refclock_ripencc logging
Four sprintf calls write formatted GPS receiver data into a 1024-byte logbuf without bounds checking. The C1 format string at line 1677 has 17 format specifiers including floating-point values that can produce long output. Replace with snprintf bounded by sizeof(logbuf).
---
 ntpd/refclock_ripencc.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/ntpd/refclock_ripencc.c b/ntpd/refclock_ripencc.c
index a7339e3d49..1f9659f3b6 100644
--- a/ntpd/refclock_ripencc.c
+++ b/ntpd/refclock_ripencc.c
@@ -1507,7 +1507,7 @@ parse0x8FAD(
 utcflags = buf[19];
- sprintf(logbuf, "U1 %d.%d.%d %02d:%02d:%02d %d %02x",
+ snprintf(logbuf, sizeof(logbuf), "U1 %d.%d.%d %02d:%02d:%02d %d %02x",
 day, month, year, hour, minute, second, trackstat, utcflags);
 #ifdef DEBUG_NCC
@@ -1674,7 +1674,7 @@ parse0x8F0B(
 }
- sprintf(logbuf, "C1 %02d%02d%04d %02d%02d%02d %d %7.0f %.1f %.0f %.1f %d %02d%09.6f %c %02d%09.6f %c %.0f %d %d %d %d %d %d %d %d",
+ snprintf(logbuf, sizeof(logbuf), "C1 %02d%02d%04d %02d%02d%02d %d %7.0f %.1f %.0f %.1f %d %02d%09.6f %c %02d%09.6f %c %.0f %d %d %d %d %d %d %d %d",
 day, month, year, hour, minute, second, mode, bias, biasunc, rate, rateunc, utcoff, lat_deg, lat_min, north_south, lon_deg, lon_min, east_west, alt, sv[0], sv[1], sv[2], sv[3], sv[4],
@@ -1750,7 +1750,7 @@ parse0x4F(
 dn = bGetShort (&buf[22]);
 dt_lsf = bGetShort (&buf[24]);
- sprintf(logbuf, "L1 %d %d %d %g %g %g %d %d %d",
+ snprintf(logbuf, sizeof(logbuf), "L1 %d %d %d %g %g %g %d %d %d",
 dt_lsf - dt_ls, dt_ls, dt_lsf, a0, a1, tot, wn_t, wn_lsf, dn);
 #ifdef DEBUG_NCC
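Review bot: In the `+ snprintf(logbuf, sizeof(logbuf), "C1 ...` line the return value is discarded, so a record that no longer fits is silently cut short: `%7.0f`, `%.0f` and `%.1f` applied to values taken from the receiver (bias, rate, alt) can each expand to tens or hundreds of characters depending on whether they are float or double, so truncation of the 1024-byte buffer the commit message describes is reachable with untrusted serial input even though the overflow is gone. Capture it, e.g. `int n = snprintf(logbuf, sizeof(logbuf), "C1 ...", ...);` followed by `if (n < 0 || (size_t)n >= sizeof(logbuf))` and a log line or comment stating that the record was truncated. `sizeof(logbuf)` only bounds correctly if `logbuf` is a char array declared in this function rather than a pointer; its declaration is outside the hunk, so please confirm. The commit message says the C1 format has 17 specifiers, but the `+` line has 27 (19 up to `%.0f` plus eight `%d`), which matches an argument list that continues past `sv[4],`. parse0x8F0B starts before the hunk and its argument list ends after it.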
@@ -1802,7 +1802,7 @@ parse0x5C(
 elevation = bGetSingle(&buf[12]) * R2D;
 azinuth = bGetSingle(&buf[16]) * R2D;
- sprintf(logbuf, "S1 %02d %d %d %02x %4.1f %5.1f %4.1f",
+ snprintf(logbuf, sizeof(logbuf), "S1 %02d %d %d %02x %4.1f %5.1f %4.1f",
 prn, channel, aqflag, ephstat, snr, azinuth, elevation);
 #ifdef DEBUG_NCC
From 036355eac3205fb1c85d805d091054d9e7d14942 Mon Sep 17 00:00:00 2001
From: Koda Reef
Date: Mon, 23 Mar 2026 14:46:10 +0000
Subject: [PATCH 2/2] Use constant-time comparison for MAC and hash verification
Two locations use memcmp() for cryptographic verification: - sntp/crypto.c:181: NTP packet MAC verification. The developer comment at line 177 acknowledges "isc_tsmemcmp will be better" but the fix was never applied. - ntpd/ntp_leapsec.c:1144: SHA1 digest comparison for leap second file integrity in the long-running ntpd daemon. Replace both with constant-time XOR accumulation loops.
---
 ntpd/ntp_leapsec.c | 12 ++++++++++--
 sntp/crypto.c | 15 ++++++++++-----
 2 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/ntpd/ntp_leapsec.c b/ntpd/ntp_leapsec.c
index 2618862c57..f358b658dd 100644
--- a/ntpd/ntp_leapsec.c
+++ b/ntpd/ntp_leapsec.c
@@ -1141,8 +1141,16 @@ leapsec_validate(
 return LSVALID_NOHASH;
 if (0 == hlseen) return LSVALID_BADFORMAT;
- if (0 != memcmp(&rdig, &ldig, sizeof(sha1_digest)))
- return LSVALID_BADHASH;
+ {
+ volatile unsigned char diff = 0;
+ const unsigned char *a = (const unsigned char *)&rdig;
+ const unsigned char *b = (const unsigned char *)&ldig;
+ size_t i;
+ for (i = 0; i < sizeof(sha1_digest); i++)
+ diff |= a[i] ^ b[i];
+ if (diff != 0)
+ return LSVALID_BADHASH;
+ }
 return LSVALID_GOODHASH;
 }
diff --git a/sntp/crypto.c b/sntp/crypto.c
index 1be2ea3f0c..d4cbd4e084 100644
--- a/sntp/crypto.c
+++ b/sntp/crypto.c
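Review bot: The constant-time loop over `&rdig`/`&ldig` does not guard a secret: if, as the `hlseen` and `LSVALID_NOHASH` checks suggest, `ldig` is the hash line read from the leap-seconds file and `rdig` the digest computed over that same file, whoever could observe the comparison's timing already holds both values, so the commit message's timing-attack rationale does not apply to this hunk even though the change is harmless. It also introduces a second copy of the loop added to sntp/crypto.c in the same series; the comment removed there names `isc_tsmemcmp`, and if ntpd links the bundled libisc (and that function keeps memcmp's 0-on-equal convention) the original two-line shape can stay as `if (0 != isc_tsmemcmp(&rdig, &ldig, sizeof(sha1_digest)))` / `return LSVALID_BADHASH;`, otherwise one shared `static` helper in libntp beats two hand-rolled copies. Whichever form stays, a one-line comment such as `/* constant-time compare kept for uniformity; the digest itself is not secret */` would save the next reader from hunting for a threat that is not there. leapsec_validate begins before the hunk, so the declarations of rdig, ldig and sha1_digest are not visible here.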
@@ -174,11 +174,16 @@ auth_md5(
 pkt_ptr += pkt_len + sizeof(keyid_t);
- /* isc_tsmemcmp will be better when its easy to link with. sntp
- * is a 1-shot program, so snooping for timing attacks is
- * Harder.
- */
- return mac_len == len && !memcmp(dbuf, pkt_ptr, mac_len);
+ /* Use constant-time comparison for MAC verification. */
+ if (mac_len != len)
+ return 0;
+ {
+ volatile unsigned char diff = 0;
+ size_t i;
+ for (i = 0; i < mac_len; i++)
+ diff |= dbuf[i] ^ pkt_ptr[i];
+ return (diff == 0);
+ }
 }
 static int
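Review bot: The new loop is a second hand-rolled constant-time compare in this series (ntpd/ntp_leapsec.c gets the same shape), and the comment it deletes already named the intended primitive, `isc_tsmemcmp`; if sntp still cannot link libisc, a single `static int ct_memeq(const void *a, const void *b, size_t n)` in libntp shared by both callers is better than two copies that must be kept in sync. `i` is `size_t` while `mac_len`'s declaration is outside the hunk; if it is a signed type, `i < mac_len` is a signed/unsigned comparison and should read `i < (size_t)mac_len`, or `i` should take `mac_len`'s type. The replacement comment drops the old rationale entirely; suggest `/* constant-time compare: verification time must not depend on which MAC byte differs first */` so the volatile accumulator is not "simplified" back to memcmp later. auth_md5 begins before the hunk, so the types of dbuf, pkt_ptr, len and mac_len are not visible here.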